Author Topic: Malware or Adware??  (Read 2178 times)

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • Posts: 712
  • A Good Old Indian!
Malware or Adware??
« on: April 05, 2012, 07:33:37 AM »
See: https://www.virustotal.com/file/1fbcce03e004a03e5015c10f37451e17a5fd63723e5249e4c605d03d136f9395/analysis/1333603840/
First seen by VirusTotal
2011-12-25 22:02:23 UTC ( 3 months, 1 week ago )
Nothing detected by avast yet...
Malwarebytes detects as trojan Repack SMS
see result from camas:
http://camas.comodo.com/cgi-bin/submit?file=1fbcce03e004a03e5015c10f37451e17a5fd63723e5249e4c605d03d136f9395
anubis report:
http://anubis.iseclab.org/?action=result&task_id=16ecc2b4e885eacb4b59e47abf651a087&format=html
Threat expert says:
http://www.threatexpert.com/report.aspx?md5=bf3d598eda041e4023e0b369b6725fbd
Looks like it drops Funmoods adware??? Interesting....
Quote
%Temp%\mt_ffx\Funmoods\funmoods\1.5.12.2
Norton gives a suspicious insight on it:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
Reported to avast from chest.

Any guess of what it is??
« Last Edit: April 05, 2012, 07:48:16 AM by true indian »

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • Posts: 27841
Re: Malware or Adware??
« Reply #1 on: April 05, 2012, 12:14:28 PM »
Sigcheck

publisher................: PC MEGA RAPIDO LTDA
product..................: ASSISTENTE DE DOWNLOAD
internal name............: ASSISTENTE DE DOWNLOAD
copyright................: (c) PC MEGA RAPIDO LTDA
original name............: pcmegarapido.exe
signing date.............: 6:51 AM 12/22/2011
signers..................: YBR INTERNET LTDA ME
               Go Daddy Secure Certification Authority
               Go Daddy Class 2 Certification Authority
file version.............: 1.0.0
description..............: ASSISTENTE DE DOWNLOAD



Upload to Avira and see what they say,
and you posted the wrong ThreatExpert link.

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.